Vulnerability identifier: #VU12311
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
Vendor: IBM Corporation
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.
Install update from vendor's website.
Vulnerable software versions
IBM DB2: 9.7, 10.1, 10.5, 11.1
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.